JVNDB-2022-001494
|
Trend Micro Apex Central and Trend Micro Apex Central as a Service vulnerable to improper check for file contents
|
Trend Micro Apex Central and Trend Micro Apex Central as a Service provided by Trend Micro Incorporated are vulnerable to improper check for file contents (CWE-345, CVE-2022-26871).
Trend Micro Incorporated states that attacks have been observed.
Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
|
CVSS V3 Severity: Base Metrics 8.6 (High) [Other]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: High
CVSS V2 Severity: Base Metrics 7.5 (High) [NVD Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: Partial
|
|
Trend Micro, Inc.
- Apex Central 2019 prior to Build 6016
- Apex Central as a Service prior to Build 202203
|
|
A remote attacker may upload an arbitrary file to the product. As a result, arbitrary code may be executed.
|
[Apply the Patch]
Apply the patch according to the information provided by the developer.
The developer has released a patch listed below that contains a fix for this vulnerability.
* Trend Micro Apex Central 2019 Patch3 (Build 6016)
The issue in Trend Micro Apex Central as a Service is fixed in the March 2022 updates.
|
Trend Micro, Inc.
|
- Insufficient Verification of Data Authenticity (CWE-345) [Other]
|
- CVE-2022-26871
|
- JVN : JVNVU#99107357
- National Vulnerability Database (NVD) : CVE-2022-26871
- JPCERT REPORT : JPCERT-AT-2022-0008
- CISA Known Exploited Vulnerabilities Catalog : CVE-2022-26871
|
- [2022/03/31]
Web page was published
|